How To Run A Successful Cybersecurity Tabletop Exercise

February 16, 2021 • Blog

If you’re a mid-sized or large enterprise in Australia, you need to have a solid cyber incident response plan and have it tested regularly. One way to test those plans is by regularly hosting cyber tabletop exercises.

A tabletop exercise will test your company’s technical cybersecurity responses, as well as train your executives on their roles and responsibilities during a real-life attack. These are usually hosted by an experienced facilitator who will throw chaos and cyber-crisis scenarios into the room with the objective of showing the organisation the major gaps, liabilities and vulnerabilities of their cybersecurity response plan. The overall benefit of this is the alignment of technical and executive responses during a crisis, and ensuring the business is working together when time is of the essence.

As expert facilitators in tabletop exercises, our team often run these types of simulations:

  • Malware Attack Tabletop: This is designed to focus on company devices that have been infiltrated with malicious software. The objective of the tabletop is to identify how to remediate the technology, decommission vulnerabilities and establish communications channels.
  • Ransomware Attack Tabletop: This simulation focuses on a ransomware attack that blocks users' access to the company system. In this, the exercise team is focused on gaining re-entry into the system without paying the ransom and minimising downtime. A focus on communication and compliance is key to ensure the entire business isn’t at risk. A ransomware attack can create a very high-pressure and challenging situation for the security team as well as for management, so this simulation is often the most sought-after and must be rehearsed in a cyber tabletop workshop.
  • Unauthorised Access Tabletop: This revolves around a scenario where a malicious actor can gain access to the organisation's network, data or endpoints without the requisite permissions. As this is a very common threat, it often requires the attendance of the technical, management and executive teams to comprehend the entire response strategy.

At Tesserent, we run successful tabletop exercises weekly with customers across the country.

So, what are often the most critical items for success?

  1. Preparation: Listing business critical assets, processes, team members and the IT infrastructure are key to running a successful exercise. Developing agendas, briefing sheets and focus points will ensure the team keeps on track.
  2. Scenario and Threat Definition: In a Tesserent cyber tabletop workshop, one of our team will often create a scenario that is dangerous and very likely to occur, specialised to the business and their endpoints. The facilitator will then outline the threat actor and what they intend to do once they are in the system. An exercise based on likely threats and scenarios is vital to testing the cybersecurity response plan as it trains the team on how to respond to a likely threat.
  3. Multiple Threat Vectors: Running a tabletop exercise that tests against one threat vector is not enough. Sophisticated attacks in the real world often have a series of vectors at play in any one attack. These could be ransomware, malware, an insider or privileged user or a combination of physical and virtual actors. Making sure the tabletop exercise covers off all possible vectors will prove whether the cyber response is resilient enough.
  4. Attack on Critical Infrastructure: A successful tabletop exercise will need to test against the ‘worst case scenario’ to build resiliency amongst the response team. This often includes playing out scenarios where critical infrastructure and operations are compromised and affect business continuity. This then allows your team to practise correct responses in a sandpit environment and be prepared for the worst.

The team at Tesserent are able to work with you and your team to strategise, architect and deliver tabletop exercises custom to your organisation and industry vertical. We work with you on planning scenarios, listing assets and infrastructure, deploying our own Red Team for simulated attacks and working on-site to facilitate the workshop at your office or virtually.

And, importantly, we will present you with a formal report and analysis of the tabletop simulation to highlight how your people, processes and cybersecurity technology responded to the test. This report also defines areas of vulnerability for the organisation, suggests improvements and a maturity roadmap to success.

For more information, please send a contact query to our team and we will be in contact.
